The firewall of an instance can be configured to use manual rules only, or to use a combination of manual and automatic rules. The firewall can be configured for Ingest instances, Prepare instances, and Deliver instances. Firewall rules are used to permit or block access to the instance repository databases.
Automatic Firewall Rules
When are Automatic Firewall Rules created?
Automatic firewall rules are created by default when an instance is created or when a user connects to a TimeXtender instance. The connection is authenticated using both the user credentials and the secret provided. A firewall rule is then generated for the IP address used to establish the connection, and this generates a database user associated with the instance's metadata database. A TimeXtender user can create multiple automatic rules, or connections, when signing in from different IP addresses over time. These automatic rules are named "AllowAll" rules.
How do Automatic Firewall Rules affect security?
While automatic rules offer convenience and efficiency, they are a less secure option than static rules. Although automatic rules require validation via a secret and user credentials, they might inadvertently introduce vulnerabilities to the system, particularly when accessed from public locations. This risk is the reason to use static rules, which give administrators complete control over the specific IP addresses permitted to access their instances and so reinforce security.
Viewing Firewall Rules
- Go to the TimeXtender portal
- Under Data estate, select Firewall rules to display all firewall rules
Manual Firewall Rules
Manual rules, also known as static rules, might be necessary if your setup is not supported by TimeXtender Data Integration (for example, applying IPs based on outgoing ports, a scenario that the automatic system cannot accommodate) or if the TimeXtender automatic rule system is malfunctioning (for example, if you encounter an error message that a specific IP address is not allowed to access the server).
Creating a Manual Firewall Rule
- Navigate to Firewall rules
- Click Add firewall rule or Add my IP
- Select an instance to which the rule should apply and enter the rule Name that describes the purpose of the rule
If you select Add my IP, your IP will automatically be added as the Start IPv4 address
- Select the private or public access level. The private access level requires an IPv4 address range to be set, whereas a public access level rule covers the entire IP range (i.e. 0.0.0.0 to 255.255.255.255)
- For private access level, enter the Start IPv4 Address for the range this rule will cover
- For private access level, enter the End IPv4 Address for the range this rule will cover
- Enter a Comment for the log to explain why the rule is being created. This comment will appear in the TimeXtender log and can be useful for auditing purposes
- Click Add to apply the rule
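The following is an added example, not TimeXtender code: a small Python audit that reviews a list of firewall rules for the conditions described above (public rules covering the whole IPv4 range, overly broad private ranges, reversed ranges, and automatic "AllowAll" rules). The rule records, their field names, and the 256-address review threshold are assumptions constructed for illustration; the portal's actual export format is not described on this page.

```python
import ipaddress

# Constructed sample rules; field names are assumed, not a TimeXtender format.
SAMPLE_RULES = [
    {"name": "AllowAll", "start": "203.0.113.45", "end": "203.0.113.45"},
    {"name": "Office VPN", "start": "198.51.100.0", "end": "198.51.100.31"},
    {"name": "Vendor access", "start": "0.0.0.0", "end": "255.255.255.255"},
    {"name": "Build agents", "start": "192.0.2.200", "end": "192.0.2.10"},
    {"name": "Branch sites", "start": "10.0.0.0", "end": "10.3.255.255"},
]

MAX_ADDRESSES = 256  # assumed threshold above which a private range is reviewed


def audit_rule(rule, max_addresses=MAX_ADDRESSES):
    """Return review findings for one rule; an empty list means none."""
    try:
        start = ipaddress.IPv4Address(rule["start"])
        end = ipaddress.IPv4Address(rule["end"])
    except ValueError:
        return ["invalid IPv4 address"]
    if start > end:
        return ["start address is after end address"]

    findings = []
    size = int(end) - int(start) + 1
    if size == 2 ** 32:
        findings.append("public: covers the entire IPv4 range")
    elif size > max_addresses:
        # Express the start/end range as CIDR blocks for easier review.
        cidrs = ipaddress.summarize_address_range(start, end)
        blocks = ", ".join(str(c) for c in cidrs)
        findings.append(f"broad: {size} addresses ({blocks})")
    if rule["name"] == "AllowAll":
        findings.append("automatic rule: review whether this IP should stay allowed")
    return findings


def audit(rules):
    """Return (rule name, findings) pairs for every rule with findings."""
    report = []
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report.append((rule["name"], findings))
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES):
        print(f"{name}: {'; '.join(findings)}")
```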
Deleting a Firewall Rule
- Navigate to Firewall rules
- Click the delete button next to the Firewall rule to be deleted
- Add a comment and click Remove